Spyware Firms Spend Millions on Lobbying and US Deals to Evade Sanctions
Paragon Solutions and Candiru (now Saito Tech) spend millions on lobbying and acquisitions to keep US contracts and avoid sanctions. What security teams should do.

TL;DR: Spyware makers Paragon Solutions and Candiru (now Saito Tech) are spending millions on lobbying and restructuring deals to keep their US government contracts and evade sanctions. Their moves highlight how commercial surveillance firms use influence and acquisitions to navigate export controls.
Context: Spyware is software that covertly monitors devices to collect data. Governments restrict its export through lists like the BIS Entity List, which blocks certain technologies from being sold to sanctioned entities. Firms under such limits often seek ways to remain eligible for US contracts.
Key Facts: Paragon Solutions signed a $2 million contract with US Immigration and Customs Enforcement (ICE) in 2024, which was reactivated in 2025 for drug‑trafficking investigations. Between 2023 and 2025, Paragon’s lobbying expenditures totaled at least $380,000, primarily through the Washington firm Holland & Knight. In April 2025, Candiru was rebranded as Saito Tech and acquired by US firm Integrity Partners for $30 million, a move described by Israeli media as intended to bypass US sanctions.
What It Means: Security teams must treat vendor relationships as part of supply‑chain risk; a change in ownership or lobbying status can affect a tool’s legitimacy and expose organizations to reputational or legal harm. Defenders should maintain an inventory of surveillance‑type software, verify vendor eligibility against the BIS Entity List, and update contracts to include clauses that allow rapid termination if sanctions change.
Mitigations: Subscribe to Commerce Department alerts for Entity List updates, apply MITRE ATT&CK mitigations such as T1059 (Command‑Line Interface) monitoring and T1027 (Obfuscated/Stored Files) detection rules, and conduct quarterly third‑party risk reviews that include lobbying disclosures and ownership structures.
What to watch next: Expect further Commerce Department reviews of the BIS Entity List and new lobbying filings from surveillance vendors as they seek to sustain US market access.